| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Starker Verdacht auf Virus/TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
30.04.2012, 12:13
| #1 |
 |  Starker Verdacht auf Virus/Trojaner Hallo! Mir ist aufgefallen das mein PC in den letzten Tagen deutlich langsamer wurde. Ebenfalls hat mein Antivirus (Avast) vor ca. 2 Wochen einen Trojaner gefunden, der aber gelöscht wurde, daher dachte ich es wäre wieder alles okay. Naja, ich habe nun wie in der Anleitung beschrieben die 3 Programme laufen lassen und die Logfiles angehängt. Ich hoffe ihr könnt mir weiterhelfen! MfG Mhh, hab ich was falsch gemacht? Ich möchte ja nicht nerven aber ich glaube mein Thread geht langsam unter  Geändert von Da GuRu (30.04.2012 um 18:06 Uhr) Grund: Starker Verdacht auf Virus/Trojaner |
|
30.04.2012, 19:14
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Starker Verdacht auf Virus/TrojanerZitat:
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
30.04.2012, 19:55
| #3 |
| | Starker Verdacht auf Virus/Trojaner Avast Reports:
__________________Code:
ATTFilter C:\Users\****\AppData\Local\Temp\cgs8h0.exe Bedrohung: Win32:Rootkit-gen [Rtk]
C:\Users\****\AppData\Local\Temp\cgs8h1.exe Bedrohung: Win32:Rootkit-gen [Rtk]
C:\Users\****\AppData\Local\Temp\cgs8h2.exe Bedrohung: Win32:Rootkit-gen [Rtk]
C:\Users\****\AppData\Local\Temp\cgs8h3.exe Bedrohung: Win32:Rootkit-gen [Rtk]
Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:21 on 30/04/2012 (****)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
[code].DDS Logfile: DDS Logfile: Code:
ATTFilter DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by **** at 12:22:49 on 2012-04-30
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3583.2406 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [PlayNC Launcher]
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
mRun: [VIAAUD] c:\program files\via\viaudioi\vdeck\VIAAUD.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube to MP3 Converter - c:\users\****\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{007D5165-2504-47F8-9C7C-854EE0914DDF} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{17C25BBA-AB76-4DFC-BC39-D08E14B664D4}\57E6A756E6762757265627 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{17C25BBA-AB76-4DFC-BC39-D08E14B664D4}\64259445A51224F6870275C414E40233033303 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{17C25BBA-AB76-4DFC-BC39-D08E14B664D4}\B4572616D275C414E4 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1}\16577656 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1}\75C414E4D2131303243383 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1}\B4572616D275C414E4 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{46474865-D3E9-44C0-825C-C49669E17E4E} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{62B1F67C-720E-4910-9143-FC4B0B1434D0} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{62B1F67C-720E-4910-9143-FC4B0B1434D0}\75C414E4D2131303243383 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{62B1F67C-720E-4910-9143-FC4B0B1434D0}\D496B6B6F6C69636A71224F68702 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{B6BD8B91-C2D2-4A2A-A256-C158072F3593} : DhcpNameServer = 192.168.2.1
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\****\appdata\roaming\mozilla\firefox\profiles\wxoysspe.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddrnw
FF - prefs.js: network.proxy.http - 70.89.2.57
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\****\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-18 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-18 337880]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-1-16 218688]
R1 ntiomin;ntiomin;c:\windows\system32\drivers\ntiomin.sys [2010-8-10 11392]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-6 163328]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-12-5 291840]
R2 AODDriver4.01;AODDriver4.01;c:\program files\ati technologies\ati.ace\fuel\i386\aoddriver2.sys [2011-6-24 39424]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-18 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-18 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-3-25 44768]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-2-28 1373576]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-8-30 2358656]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-6-1 37944]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-12-6 9067008]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-12-6 264192]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2011-10-27 1559552]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-10-17 85520]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-11-23 131856]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-25 1108480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2012-1-7 95304]
S3 netr73;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]
S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\drivers\wg111v3.sys [2011-7-8 376832]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-1-6 583680]
S4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-03-24 22:43:28 314880 ----a-w- c:\windows\system32\fmodex.dll
2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:02:14 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01:48 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 05:59:41 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-06 05:59:41 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-01 05:53:27 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:49:05 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:45:05 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:40:44 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 08:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 05:44:57 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22:43 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22:18 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:41:38 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:41:20 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 05:41:20 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:41:20 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 05:41:19 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-02-03 04:01:58 2341376 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 12:23:15,06 ===============
--- --- --- Attach: Code:
ATTFilter . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 01.06.2011 19:12:03 System Uptime: 30.04.2012 11:58:03 (1 hours ago) . Motherboard: ASRock | | N68-S3 UCC Processor: AMD Phenom(tm) II X6 1055T Processor | CPUSocket | 2800/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 931 GiB total, 395,408 GiB free. D: is CDROM () E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP187: 17.04.2012 23:12:30 - Windows Update RP188: 21.04.2012 03:32:02 - Windows Update RP189: 24.04.2012 17:53:41 - Windows Update RP190: 27.04.2012 20:02:31 - Windows Update . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader X (10.1.1) - Deutsch Aion AMD APP SDK Runtime AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Fuel AMD Media Foundation Decoders AMD VISION Engine Control Center Apple Application Support Apple Software Update ASIO4ALL µTorrent Audiosurf avast! Free Antivirus Battlefield Play4Free Belkin Connect Wireless USB Adapter Bully Scholarship Edition Camtasia Studio 7 Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CPUCooL (remove only) Curse Client D3DX10 DAEMON Tools Lite Diablo III Beta DIE SIEDLER - Das Erbe der Könige EVE Online (remove only) Fallout New Vegas FL Studio 10 FL Studio 9 Forsaken World Fraps (remove only) Free YouTube to MP3 Converter version 3.10.5.722 Garena 2010 GIMP 2.6.11 Global Agenda GUILD WARS Half-Life 2 Half-Life 2: Episode One Hardcore Hydra VSTi/DXi v1.2 IL Download Manager ILLUSION RapeLay iZotope Ozone 4 JA Launcher Java Auto Updater Java(TM) 6 Update 30 JDownloader 0.9 League of Legends LogMeIn Hamachi LOLReplay Malwarebytes Anti-Malware Version 1.60.1.1000 Mass Effect 2 German Messenger Plus! 5 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Application Error Reporting Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft XNA Framework Redistributable 4.0 MotioninJoy ds3 driver version 0.6.0005 Mozilla Firefox 11.0 (x86 de) MSVCRT MTA:SA v1.0.5 NCsoft Launcher NETGEAR WG111v3 wireless USB 2.0 adapter NVIDIA Drivers NVIDIA PhysX Ohm Force - Ohmicide VST Orcs Must Die! Pando Media Booster Platform PoiZone PunkBuster Services QuickTime Realtek High Definition Audio Driver reFX Nexus VSTi RTAS v2.2.0 Sandboxie 3.62 (32-bit) Sawer Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Sonic Charge µTonic VSTi v2.0.1 Spiral Knights Supreme Commander Supreme Commander 2 Supreme Commander: Forged Alliance Sylenth1 v2.20 TeamSpeak 3 Client TeamViewer 6 Terraria thriXXX 3DSexVilla2-114.001 TmNationsForever Toxic Biohazard TP-LINK Drahtlos Tool Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) VIA Plattform-Geräte-Manager VirtualDJ Home FREE Vista Anti-Lag 1.1.1 VLC media player 1.1.10 Waves Diamond Bundle v5.2 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Messenger Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack WinRAR 4.01 (32-Bit) World of Warcraft X-Universe Plugin Manager V1.30 by Cycrow X3 Terran Conflict v3.1 . ==== End Of File =========================== Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-04-30 13:09:53
Windows 6.1.7600 Harddisk0\DR0 -> \Device\00000069 SAMSUNG_ rev.1AJ1
Running: v7pnp6d1.exe; Driver: C:\Users\****\AppData\Local\Temp\kxldqpog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x9203CDF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x92384A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x9203D85E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x920422E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x92042330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x92042422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x92042252]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x92042374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9204229A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x920423DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x9203CE44]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x92384B34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x9203CAD6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x9203CE90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9203FD1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x9203DB02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9204230E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x92042352]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x92042446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x92042278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x920423AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x920422C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x92042400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x92384CA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x9203D9CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x9203CEDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x9203CF28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x9203CB46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x9203CCEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x9203CC92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x9203CD5A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x92384D60]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x9203CF74]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x92384BE0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9239AD92]
Code 9A668BFC ZwTraceEvent
Code 9A668BFB NtTraceEvent
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!NtTraceEvent 82E71E24 5 Bytes JMP 9A668C00
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E825C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EA7092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 244 82EAE884 4 Bytes [F8, CD, 03, 92] {CLC ; INT 0x3; XCHG EDX, EAX}
.text ntkrnlpa.exe!RtlSidHashLookup + 26C 82EAE8AC 4 Bytes [5A, 4A, 38, 92]
.text ntkrnlpa.exe!RtlSidHashLookup + 2CC 82EAE90C 2 Bytes [5E, D8]
.text ntkrnlpa.exe!RtlSidHashLookup + 2CF 82EAE90F 1 Byte [92]
.text ntkrnlpa.exe!RtlSidHashLookup + 320 82EAE960 8 Bytes [E4, 22, 04, 92, 30, 23, 04, ...] {IN AL, 0x22; ADD AL, 0x92; XOR [EBX], AH; ADD AL, 0x92}
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 830483BE 5 Bytes JMP 92397C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 830620CD 5 Bytes JMP 92399764 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 830AC75A 4 Bytes CALL 9203E1B5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2 830B474B 5 Bytes JMP 9A668DE0
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 830B486B 4 Bytes CALL 9203E1CB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!NtRequestWaitReplyPort + 2 830B6173 5 Bytes JMP 9A668D40
PAGE ntkrnlpa.exe!NtRequestPort + 2 830CA3D9 5 Bytes JMP 9A668CA0
PAGE ntkrnlpa.exe!ZwCreateProcessEx 8311A4FE 7 Bytes JMP 9239AD96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9623A000, 0x3C12C5, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x95DB5300, 0x1BCE, 0xE8000020]
? C:\Users\****\AppData\Local\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. !
.text kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\svchost.exe[388] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[388] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[388] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\csrss.exe[432] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\wininit.exe[512] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[512] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[512] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\wininit.exe[512] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 000C0A08
.text C:\Windows\system32\wininit.exe[512] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 000C03FC
.text C:\Windows\system32\wininit.exe[512] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 000C0804
.text C:\Windows\system32\wininit.exe[512] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 000C01F8
.text C:\Windows\system32\wininit.exe[512] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 000C0600
.text C:\Windows\system32\csrss.exe[520] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000A03FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000A01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 000D0A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 000D03FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 000D0804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 000D01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[524] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 000D0600
.text C:\Windows\system32\services.exe[560] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\services.exe[560] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\services.exe[560] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\lsass.exe[580] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsass.exe[580] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsass.exe[580] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\lsass.exe[580] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 001D0A08
.text C:\Windows\system32\lsass.exe[580] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 001D03FC
.text C:\Windows\system32\lsass.exe[580] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 001D0804
.text C:\Windows\system32\lsass.exe[580] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 001D01F8
.text C:\Windows\system32\lsass.exe[580] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 001D0600
.text C:\Windows\system32\lsm.exe[588] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\lsm.exe[588] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\lsm.exe[588] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[728] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[728] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[728] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[728] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 000C0A08
.text C:\Windows\system32\winlogon.exe[728] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 000C03FC
.text C:\Windows\system32\winlogon.exe[728] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 000C0804
.text C:\Windows\system32\winlogon.exe[728] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 000C01F8
.text C:\Windows\system32\winlogon.exe[728] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 000C0600
.text C:\Windows\system32\svchost.exe[760] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[760] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[760] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\atiesrxx.exe[916] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 001603FC
.text C:\Windows\system32\atiesrxx.exe[916] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 001601F8
.text C:\Windows\system32\atiesrxx.exe[916] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\atiesrxx.exe[916] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 002F0A08
.text C:\Windows\system32\atiesrxx.exe[916] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 002F03FC
.text C:\Windows\system32\atiesrxx.exe[916] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 002F0804
.text C:\Windows\system32\atiesrxx.exe[916] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 002F01F8
.text C:\Windows\system32\atiesrxx.exe[916] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 002F0600
.text C:\Windows\system32\AUDIODG.EXE[940] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000A03FC
.text C:\Windows\system32\AUDIODG.EXE[940] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000A01F8
.text C:\Windows\system32\AUDIODG.EXE[940] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\AUDIODG.EXE[940] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00140A08
.text C:\Windows\system32\AUDIODG.EXE[940] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 001403FC
.text C:\Windows\system32\AUDIODG.EXE[940] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 00140804
.text C:\Windows\system32\AUDIODG.EXE[940] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 001401F8
.text C:\Windows\system32\AUDIODG.EXE[940] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00140600
.text C:\Windows\System32\svchost.exe[984] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[984] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\System32\svchost.exe[984] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 002B0A08
.text C:\Windows\System32\svchost.exe[984] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 002B03FC
.text C:\Windows\System32\svchost.exe[984] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 002B0804
.text C:\Windows\System32\svchost.exe[984] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 002B01F8
.text C:\Windows\System32\svchost.exe[984] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 002B0600
.text C:\Windows\System32\svchost.exe[1036] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[1036] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[1036] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1036] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00940A08
.text C:\Windows\System32\svchost.exe[1036] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 009403FC
.text C:\Windows\System32\svchost.exe[1036] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 00940804
.text C:\Windows\System32\svchost.exe[1036] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 009401F8
.text C:\Windows\System32\svchost.exe[1036] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00940600
.text C:\Windows\system32\svchost.exe[1064] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1064] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1064] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1064] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00AF0A08
.text C:\Windows\system32\svchost.exe[1064] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 00AF03FC
.text C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 00AF0804
.text C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 00AF01F8
.text C:\Windows\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00AF0600
.text C:\Windows\system32\wbem\wmiprvse.exe[1176] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\wbem\wmiprvse.exe[1176] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\wbem\wmiprvse.exe[1176] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[1176] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00110A08
.text C:\Windows\system32\wbem\wmiprvse.exe[1176] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 001103FC
.text C:\Windows\system32\wbem\wmiprvse.exe[1176] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 00110804
.text C:\Windows\system32\wbem\wmiprvse.exe[1176] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 001101F8
.text C:\Windows\system32\wbem\wmiprvse.exe[1176] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00110600
.text C:\Windows\system32\svchost.exe[1208] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1208] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1208] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1208] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00570A08
.text C:\Windows\system32\svchost.exe[1208] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 005703FC
.text C:\Windows\system32\svchost.exe[1208] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 00570804
.text C:\Windows\system32\svchost.exe[1208] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 005701F8
.text C:\Windows\system32\svchost.exe[1208] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00570600
.text C:\Program Files\Sandboxie\SbieSvc.exe[1272] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000903FC
.text C:\Program Files\Sandboxie\SbieSvc.exe[1272] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000901F8
.text C:\Program Files\Sandboxie\SbieSvc.exe[1272] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00230A08
.text C:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 002303FC
.text C:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 00230804
.text C:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 002301F8
.text C:\Program Files\Sandboxie\SbieSvc.exe[1272] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00230600
.text C:\Windows\system32\svchost.exe[1416] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1416] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1416] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\atieclxx.exe[1432] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 001603FC
.text C:\Windows\system32\atieclxx.exe[1432] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 001601F8
.text C:\Windows\system32\atieclxx.exe[1432] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\atieclxx.exe[1432] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00180A08
.text C:\Windows\system32\atieclxx.exe[1432] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 001803FC
.text C:\Windows\system32\atieclxx.exe[1432] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 00180804
.text C:\Windows\system32\atieclxx.exe[1432] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 001801F8
.text C:\Windows\system32\atieclxx.exe[1432] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00180600
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1472] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1536] kernel32.dll!SetUnhandledExceptionFilter 769130E2 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1536] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 001603FC
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 001601F8
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 001F03FC
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 001F0804
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 001F01F8
.text C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe[1564] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 001F0600
.text C:\Windows\System32\spoolsv.exe[1744] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Windows\System32\spoolsv.exe[1744] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Windows\System32\spoolsv.exe[1744] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1744] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00090A08
.text C:\Windows\System32\spoolsv.exe[1744] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 000903FC
.text C:\Windows\System32\spoolsv.exe[1744] USER32.dll!SetWindowsHookExW 767D210A 3 Bytes JMP 00090804
.text C:\Windows\System32\spoolsv.exe[1744] USER32.dll!SetWindowsHookExW + 4 767D210E 1 Byte [89]
.text C:\Windows\System32\spoolsv.exe[1744] USER32.dll!SetWinEventHook 767D507E 3 Bytes JMP 000901F8
.text C:\Windows\System32\spoolsv.exe[1744] USER32.dll!SetWinEventHook + 4 767D5082 1 Byte [89]
.text C:\Windows\System32\spoolsv.exe[1744] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00090600
.text C:\Windows\system32\svchost.exe[1772] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[1772] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[1772] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1772] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00210A08
.text C:\Windows\system32\svchost.exe[1772] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 002103FC
.text C:\Windows\system32\svchost.exe[1772] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 00210804
.text C:\Windows\system32\svchost.exe[1772] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 002101F8
.text C:\Windows\system32\svchost.exe[1772] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00210600
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00090A08
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 000903FC
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] USER32.dll!SetWindowsHookExW 767D210A 3 Bytes JMP 00090804
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] USER32.dll!SetWindowsHookExW + 4 767D210E 1 Byte [89]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] USER32.dll!SetWinEventHook 767D507E 3 Bytes JMP 000901F8
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] USER32.dll!SetWinEventHook + 4 767D5082 1 Byte [89]
.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00090600
.text C:\Users\****\Desktop\v7pnp6d1.exe[1876] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 000A0A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 000A03FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 000A0804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 000A01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1896] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 000A0600
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1916] KERNEL32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 001603FC
.text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 001601F8
.text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 002F0A08
.text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 002F03FC
.text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 002F0804
.text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 002F01F8
.text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1944] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 002F0600
.text C:\Windows\system32\wuauclt.exe[1960] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000703FC
.text C:\Windows\system32\wuauclt.exe[1960] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000701F8
.text C:\Windows\system32\wuauclt.exe[1960] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\wuauclt.exe[1960] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00100A08
.text C:\Windows\system32\wuauclt.exe[1960] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 001003FC
.text C:\Windows\system32\wuauclt.exe[1960] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 00100804
.text C:\Windows\system32\wuauclt.exe[1960] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 001001F8
.text C:\Windows\system32\wuauclt.exe[1960] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00100600
.text C:\Windows\system32\PnkBstrA.exe[2012] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 001503FC
.text C:\Windows\system32\PnkBstrA.exe[2012] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 001501F8
.text C:\Windows\system32\PnkBstrA.exe[2012] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\PnkBstrA.exe[2012] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 001F0A08
.text C:\Windows\system32\PnkBstrA.exe[2012] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 001F03FC
.text C:\Windows\system32\PnkBstrA.exe[2012] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 001F0804
.text C:\Windows\system32\PnkBstrA.exe[2012] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 001F01F8
.text C:\Windows\system32\PnkBstrA.exe[2012] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 001F0600
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 58259720 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!MapViewOfFile 7690C05C 5 Bytes JMP 5848E1F4 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!VirtualAlloc 76910594 5 Bytes JMP 5848E21B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2244] GDI32.dll!CreateDIBSection 76CC85F0 5 Bytes JMP 5848E17E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Windows\System32\svchost.exe[2320] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[2320] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[2320] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2320] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00210A08
.text C:\Windows\System32\svchost.exe[2320] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 002103FC
.text C:\Windows\System32\svchost.exe[2320] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 00210804
.text C:\Windows\System32\svchost.exe[2320] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 002101F8
.text C:\Windows\System32\svchost.exe[2320] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00210600
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 001C0A08
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 001C03FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 001C0804
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 001C01F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] USER32.dll!GetWindowInfo 767D6A82 5 Bytes JMP 583CFE0A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] USER32.dll!TrackPopupMenu 767F4B3B 5 Bytes JMP 583D03C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2328] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 001C0600
.text C:\Windows\system32\taskhost.exe[2512] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskhost.exe[2512] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskhost.exe[2512] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[2512] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 000E0A08
.text C:\Windows\system32\taskhost.exe[2512] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 000E03FC
.text C:\Windows\system32\taskhost.exe[2512] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 000E0804
.text C:\Windows\system32\taskhost.exe[2512] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 000E01F8
.text C:\Windows\system32\taskhost.exe[2512] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 000E0600
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[2560] KERNEL32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2720] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[2720] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[2720] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2720] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00170A08
.text C:\Windows\system32\svchost.exe[2720] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 001703FC
.text C:\Windows\system32\svchost.exe[2720] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 00170804
.text C:\Windows\system32\svchost.exe[2720] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 001701F8
.text C:\Windows\system32\svchost.exe[2720] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00170600
.text C:\Windows\system32\Dwm.exe[2876] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\Dwm.exe[2876] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\Dwm.exe[2876] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[2876] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 000F0A08
.text C:\Windows\system32\Dwm.exe[2876] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 000F03FC
.text C:\Windows\system32\Dwm.exe[2876] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 000F0804
.text C:\Windows\system32\Dwm.exe[2876] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 000F01F8
.text C:\Windows\system32\Dwm.exe[2876] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 000F0600
.text C:\Windows\Explorer.EXE[3000] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 002F03FC
.text C:\Windows\Explorer.EXE[3000] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 002F01F8
.text C:\Windows\Explorer.EXE[3000] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\Explorer.EXE[3000] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 003A0A08
.text C:\Windows\Explorer.EXE[3000] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 003A03FC
.text C:\Windows\Explorer.EXE[3000] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 003A0804
.text C:\Windows\Explorer.EXE[3000] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 003A01F8
.text C:\Windows\Explorer.EXE[3000] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 003A0600
.text C:\Windows\system32\taskhost.exe[3112] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskhost.exe[3112] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskhost.exe[3112] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[3112] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskhost.exe[3112] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskhost.exe[3112] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 00080804
.text C:\Windows\system32\taskhost.exe[3112] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskhost.exe[3112] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00080600
.text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 001603FC
.text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 001601F8
.text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00360A08
.text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 003603FC
.text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 00360804
.text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 003601F8
.text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[3384] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00360600
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3432] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3584] ntdll.dll!LdrUnloadDll 77ADBD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\SearchIndexer.exe[3584] ntdll.dll!LdrLoadDll 77ADF425 5 Bytes JMP 000601F8
.text C:\Windows\system32\SearchIndexer.exe[3584] kernel32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3584] USER32.dll!UnhookWindowsHookEx 767CCC7B 5 Bytes JMP 00150A08
.text C:\Windows\system32\SearchIndexer.exe[3584] USER32.dll!UnhookWinEvent 767CD924 5 Bytes JMP 001503FC
.text C:\Windows\system32\SearchIndexer.exe[3584] USER32.dll!SetWindowsHookExW 767D210A 5 Bytes JMP 00150804
.text C:\Windows\system32\SearchIndexer.exe[3584] USER32.dll!SetWinEventHook 767D507E 5 Bytes JMP 001501F8
.text C:\Windows\system32\SearchIndexer.exe[3584] USER32.dll!SetWindowsHookExA 767F6DFA 5 Bytes JMP 00150600
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[4036] KERNEL32.dll!GetBinaryTypeW + 70 769278FC 1 Byte [62]
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \Driver\ACPI_HAL \Device\00000051 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- Files - GMER 1.0.15 ----
File C:\avast! sandbox 0 bytes
File C:\avast! sandbox\S-1-5-21-2709026904-2300073761-1837081891-1000 0 bytes
File C:\avast! sandbox\S-1-5-21-2709026904-2300073761-1837081891-1000\r267 0 bytes
File C:\avast! sandbox\S-1-5-21-2709026904-2300073761-1837081891-1000\r267\PEV.DAT_{fab77c91-92aa-11e1-9930-0025229459ae} 0 bytes
File C:\avast! sandbox\S-1-5-21-2709026904-2300073761-1837081891-1000\r267\PEV.DAT_{fab77cab-92aa-11e1-9930-0025229459ae} 0 bytes
File C:\avast! sandbox\snx_rhive 262144 bytes
File C:\avast! sandbox\snx_rhive.LOG1 5120 bytes
File C:\avast! sandbox\snx_rhive.LOG2 0 bytes
File C:\avast! sandbox\snx_rhive{fab77c93-92aa-11e1-9930-0025229459ae}.TM.blf 65536 bytes
File C:\avast! sandbox\snx_rhive{fab77c93-92aa-11e1-9930-0025229459ae}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\avast! sandbox\snx_rhive{fab77c93-92aa-11e1-9930-0025229459ae}.TMContainer00000000000000000002.regtrans-ms 524288 bytes
 |
|
01.05.2012, 14:06
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Starker Verdacht auf Virus/Trojaner Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen! Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
01.05.2012, 19:45
| #5 |
| | Starker Verdacht auf Virus/Trojaner Servus, tut mir leid das ich jetzt erst antworte, die Scans haben ewig gedauert  Hier die Ergebnisse: ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1494124cc92bd548aa1ba7646097929e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-01 06:39:14
# local_time=2012-05-01 08:39:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 1365 88326770 0 0
# compatibility_mode=8192 67108863 100 0 241 241 0 0
# scanned=195866
# found=5
# cleaned=0
# scan_time=5927
C:\ProgramData\TmForever\Cache\0FE870AD2DFE199A115E0F2542758E69_www.fileden.com%5cfiles%5c2007%5c3%5c27%5c930376%5cfunteamad.png HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Sandbox\****\DefaultBox\drive\C\Windows\system32\install\WindowsUpdater.exe probably a variant of Win32/TrojanDropper.VB.GADMGGH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\TmForever\Cache\0FE870AD2DFE199A115E0F2542758E69_www.fileden.com%5cfiles%5c2007%5c3%5c27%5c930376%5cfunteamad.png HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\****\AppData\Local\Temp\jar_cache3327211295830174052.tmp Java/Exploit.CVE-2012-0507.D trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\****\AppData\Local\Temp\Main.class a variant of Java/TrojanDownloader.Agent.NEC trojan (unable to clean) 00000000000000000000000000000000 I
Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.05.01.09 Windows 7 x86 NTFS Internet Explorer 9.0.8112.16421 **** :: **** [Administrator] 01.05.2012 17:40:42 mbam-log-2012-05-01 (17-40-42).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 355621 Laufzeit: 1 Stunde(n), 13 Minute(n), 52 Sekunde(n) [Abgebrochen] Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{007D5165-2504-47F8-9C7C-854EE0914DDF} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{17C25BBA-AB76-4DFC-BC39-D08E14B664D4}\57E6A756E6762757265627 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{17C25BBA-AB76-4DFC-BC39-D08E14B664D4}\64259445A51224F6870275C414E40233033303 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{17C25BBA-AB76-4DFC-BC39-D08E14B664D4}\B4572616D275C414E4 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1}\16577656 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1}\75C414E4D2131303243383 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1}\B4572616D275C414E4 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{46474865-D3E9-44C0-825C-C49669E17E4E} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{62B1F67C-720E-4910-9143-FC4B0B1434D0} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{62B1F67C-720E-4910-9143-FC4B0B1434D0}\75C414E4D2131303243383 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{62B1F67C-720E-4910-9143-FC4B0B1434D0}\D496B6B6F6C69636A71224F68702 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{B6BD8B91-C2D2-4A2A-A256-C158072F3593} : DhcpNameServer = 192.168.2.1
Grüße! |
|
02.05.2012, 12:34
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Starker Verdacht auf Virus/Trojaner Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________ --> Starker Verdacht auf Virus/Trojaner |
|
02.05.2012, 13:21
| #7 |
| | Starker Verdacht auf Virus/Trojaner Das war der erste Fullscan, ansonsten habe ich Malwarebytes immer nur für einzelne Dateien verwendet. |
|
02.05.2012, 14:03
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Starker Verdacht auf Virus/Trojaner Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.05.2012, 14:11
| #9 |
| | Starker Verdacht auf Virus/Trojaner Das ist ja das komische, ich bin mir sicher das mit meinem Rechner was faul ist, aber im Startmenü ist alles vorhanden und es funktioniert auch alles wunderbar.. |
|
02.05.2012, 14:48
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Starker Verdacht auf Virus/Trojaner Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.05.2012, 16:13
| #11 |
| | Starker Verdacht auf Virus/TrojanerCode:
ATTFilter OTL logfile created on: 02.05.2012 15:58:44 - Run 1 OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\****\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 68,89% Memory free 7,00 Gb Paging File | 5,59 Gb Available in Paging File | 79,92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 931,41 Gb Total Space | 393,25 Gb Free Space | 42,22% Space Free | Partition Type: NTFS Computer Name:****-PC | User Name: **** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.05.02 15:56:29 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\****\Downloads\OTL.exe PRC - [2012.03.07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.02.28 18:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe PRC - [2011.12.06 05:12:16 | 000,404,992 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2011.12.06 05:11:44 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2011.12.05 23:13:56 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe PRC - [2011.11.23 15:17:10 | 000,072,976 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieSvc.exe PRC - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2010.09.21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.12.04 15:48:54 | 001,728,512 | ---- | M] (VIA) -- C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.07.14 03:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe PRC - [2009.07.14 03:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe ========== Modules (No Company Name) ========== MOD - [2012.04.12 19:19:47 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\be286ce65226e3b86d3a90bc516a5adc\WindowsFormsIntegration.ni.dll MOD - [2012.04.12 09:52:54 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\cdc38572fd6c34cb3033fb419eff3639\System.Web.ni.dll MOD - [2012.04.12 09:52:41 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d932bdb0712c33e0000c75035dbe74d1\PresentationFramework.ni.dll MOD - [2012.04.12 09:52:17 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\5c37600b4ae4ffeaeff645bb16a58137\System.Windows.Forms.ni.dll MOD - [2012.04.12 09:52:12 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\b7bec10dca3f27113cc91c24b79c8f75\System.Drawing.ni.dll MOD - [2012.04.12 09:52:08 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\66fdd11e758f6c833fbc173338c1ff5b\PresentationCore.ni.dll MOD - [2012.02.15 18:02:28 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\a25e06e527720656434230d3ee420427\System.Core.ni.dll MOD - [2012.02.15 17:17:36 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6954c7f14ea634672cdacf2cd793497e\PresentationFramework.Aero.ni.dll MOD - [2012.02.15 17:17:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll MOD - [2012.02.15 17:16:47 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll MOD - [2012.02.15 17:16:42 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll MOD - [2012.02.15 17:16:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll MOD - [2012.02.15 17:16:38 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll MOD - [2011.12.05 23:14:02 | 000,095,232 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll MOD - [2011.12.05 23:10:38 | 000,369,152 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2011.10.13 19:10:12 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\fccf285ecdd9091a3f8d5e73d79c3300\UIAutomationProvider.ni.dll MOD - [2011.10.13 19:08:58 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll MOD - [2009.11.03 11:11:50 | 047,628,288 | ---- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\skin.dll MOD - [2009.07.14 10:47:20 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2009.07.14 10:47:13 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.07.14 10:47:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.07.14 10:47:12 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2009.05.07 16:53:18 | 000,106,496 | ---- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll MOD - [2009.05.07 16:50:46 | 000,073,728 | ---- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll MOD - [2008.02.14 13:57:00 | 000,094,208 | ---- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\CPUCooL\CooLSrv.exe -- (CPUCooLServer) SRV - [2012.03.24 18:03:20 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.03.07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.02.28 18:38:52 | 001,373,576 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.12.06 05:11:44 | 000,163,328 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2011.12.05 23:13:56 | 000,291,840 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2011.11.23 15:17:10 | 000,072,976 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver) DRV - [2012.03.07 01:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012.03.07 01:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012.03.07 01:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr) DRV - [2012.03.07 01:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012.03.07 01:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2012.03.07 01:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012.01.16 14:58:51 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011.12.06 05:44:22 | 009,067,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2011.12.06 04:11:50 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2011.11.23 15:17:08 | 000,131,856 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2011.11.10 19:32:00 | 000,095,304 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MijXfilt.sys -- (MotioninJoyXFilter) DRV - [2011.10.17 19:40:44 | 000,085,520 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2011.08.06 15:37:45 | 000,279,712 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2011.08.06 15:37:00 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2011.06.24 07:25:26 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.01) DRV - [2010.11.11 21:19:24 | 000,021,080 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ntiopnp.sys -- (ntiopnp) DRV - [2010.09.16 19:33:40 | 001,559,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athur.sys -- (athur) DRV - [2010.08.10 15:49:36 | 000,011,392 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ntiomin.sys -- (ntiomin) DRV - [2010.02.18 09:18:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86) DRV - [2010.01.06 17:20:00 | 000,583,680 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su) DRV - [2009.11.25 21:02:46 | 001,108,480 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV - [2009.11.18 18:09:52 | 000,376,832 | ---- | M] (NETGEAR Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B) DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009.07.14 00:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73) DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2009.04.30 13:06:56 | 000,287,008 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET) DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C1 D7 05 63 4A 55 CC 01 [binary data] IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Facemoods Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://start.facemoods.com/?a=ddrnw" FF - prefs.js..network.proxy.http: "70.89.2.57" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.25 16:33:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.20 20:18:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.01 20:00:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2012.05.01 00:54:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\wxoysspe.default\extensions [2012.03.04 19:17:15 | 000,000,000 | ---D | M] (WOT) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\wxoysspe.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.07.22 22:51:44 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\wxoysspe.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.05.01 00:54:26 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\wxoysspe.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2012.03.01 17:52:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\wxoysspe.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.07.22 18:40:06 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\wxoysspe.default\extensions\battlefieldplay4free@ea.com [2012.01.16 01:08:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.03.25 16:33:51 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WXOYSSPE.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WXOYSSPE.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI [2012.03.20 20:18:28 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.02.21 21:52:36 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.21 21:52:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.21 21:52:36 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.08.12 21:31:24 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml [2012.02.21 21:52:36 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.21 21:52:36 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.21 21:52:36 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [VIAAUD] C:\Program Files\VIA\VIAudioi\VDeck\VIAAUD.exe File not found O4 - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000..\Run: [PlayNC Launcher] File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{007D5165-2504-47F8-9C7C-854EE0914DDF}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B35AB03-FB5D-4CEC-9676-FB06B274D7F1}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46474865-D3E9-44C0-825C-C49669E17E4E}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62B1F67C-720E-4910-9143-FC4B0B1434D0}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6BD8B91-C2D2-4A2A-A256-C158072F3593}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{46754f5b-9475-11e0-bc61-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{46754f5b-9475-11e0-bc61-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe O33 - MountPoints2\{4c5fc037-999c-11e0-9aa6-0025229459ae}\Shell - "" = AutoRun O33 - MountPoints2\{4c5fc037-999c-11e0-9aa6-0025229459ae}\Shell\AutoRun\command - "" = E:\StartSetup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v3 Setup-Assistent.lnk - C:\Programme\NETGEAR\WG111v3\WG111v3.exe - () MsConfig - StartUpFolder: C:^Users^****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip - - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) MsConfig - StartUpReg: PlusService - hkey= - key= - C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: SandboxieControl - hkey= - key= - C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - State: "startup" - 2 MsConfig - State: "services" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: Hamachi2Svc - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L) Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.05.01 18:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.05.01 00:54:31 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\QuickScan [2012.04.30 12:09:18 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\****\Desktop\dds.com [2012.04.20 17:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Beta [2012.04.20 17:27:26 | 000,000,000 | ---D | C] -- C:\Program Files\Diablo III Beta [2012.04.20 17:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net [2012.04.05 22:46:36 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2012.04.05 21:54:58 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\BioWare [2012.04.05 21:17:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\Unleashed [2012.04.05 21:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mass Effect 2 [2012.04.05 21:08:16 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\NFS Most Wanted [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.05.02 12:48:23 | 000,019,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.02 12:48:23 | 000,019,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.02 12:41:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.02 12:40:59 | 2818,023,424 | -HS- | M] () -- C:\hiberfil.sys [2012.05.01 17:39:28 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.04.30 13:12:37 | 000,012,204 | ---- | M] () -- C:\Users\****\Desktop\Desktop.zip [2012.04.30 12:13:16 | 000,302,592 | ---- | M] () -- C:\Users\****\Desktop\v7pnp6d1.exe [2012.04.30 12:09:25 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\****\Desktop\dds.com [2012.04.30 12:08:17 | 000,000,000 | ---- | M] () -- C:\Users\****\defogger_reenable [2012.04.30 12:07:44 | 000,050,477 | ---- | M] () -- C:\Users\****\Desktop\Defogger.exe [2012.04.29 22:06:18 | 311,525,463 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.04.20 21:25:32 | 000,278,561 | ---- | M] () -- C:\Users\****\Desktop\Minecraft.exe [2012.04.20 17:27:56 | 000,001,239 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III Beta.lnk [2012.04.11 22:21:45 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.04.11 22:21:45 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.04.11 22:21:45 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.04.11 22:21:45 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.04.07 19:28:34 | 000,001,674 | ---- | M] () -- C:\Windows\Sandboxie.ini [2012.04.05 22:51:58 | 000,001,514 | ---- | M] () -- C:\Users\****\Desktop\MassEffect2Launcher - Verknüpfung.lnk [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.04.03 15:58:49 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2012.04.03 14:48:43 | 000,000,854 | ---- | M] () -- C:\Users\****\.recently-used.xbel [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.04.30 13:12:37 | 000,012,204 | ---- | C] () -- C:\Users\****\Desktop\Desktop.zip [2012.04.30 12:13:08 | 000,302,592 | ---- | C] () -- C:\Users\****\Desktop\v7pnp6d1.exe [2012.04.30 12:08:17 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable [2012.04.30 12:07:43 | 000,050,477 | ---- | C] () -- C:\Users\****\Desktop\Defogger.exe [2012.04.20 21:25:26 | 000,278,561 | ---- | C] () -- C:\Users\****\Desktop\Minecraft.exe [2012.04.20 17:27:27 | 000,001,239 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III Beta.lnk [2012.04.05 22:51:58 | 000,001,514 | ---- | C] () -- C:\Users\****\Desktop\MassEffect2Launcher - Verknüpfung.lnk [2012.04.03 14:48:43 | 000,000,854 | ---- | C] () -- C:\Users\****\.recently-used.xbel [2012.02.28 17:55:01 | 000,007,680 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.30 20:00:38 | 000,001,674 | ---- | C] () -- C:\Windows\Sandboxie.ini [2011.12.06 04:27:36 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat [2011.12.06 04:27:36 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2011.12.05 23:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll [2011.12.05 23:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll [2011.11.14 21:47:22 | 000,608,507 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2011.08.06 15:37:01 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011.08.06 15:37:00 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2011.07.22 19:27:38 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.07.22 19:27:37 | 000,138,056 | ---- | C] () -- C:\Users\****\AppData\Roaming\PnkBstrK.sys [2011.07.22 19:27:20 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011.07.22 19:27:11 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011.07.11 12:15:29 | 000,051,222 | ---- | C] () -- C:\Users\****\AppData\Roaming\room_v3.dat [2011.06.18 22:30:03 | 1782,587,392 | -H-- | C] () -- C:\Program Files\DATA1.CAB.gpotato [2011.06.18 18:10:04 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2011.06.01 20:53:08 | 000,704,512 | ---- | C] () -- C:\Windows\System32\cohelper.dll [2011.06.01 20:53:08 | 000,005,940 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2011.06.01 19:57:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.03.30 19:07:10 | 001,031,168 | ---- | C] () -- C:\Windows\System32\spk.dll [2010.11.11 21:19:24 | 000,021,080 | ---- | C] () -- C:\Windows\System32\drivers\ntiopnp.sys [2010.08.10 15:49:36 | 000,011,392 | ---- | C] () -- C:\Windows\System32\drivers\ntiomin.sys ========== LOP Check ========== [2012.04.20 21:27:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\.minecraft [2011.09.11 18:42:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite [2011.07.22 22:51:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoft [2011.07.22 22:51:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers [2011.10.16 02:30:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\gtk-2.0 [2011.06.18 22:26:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Hi-Rez Studios [2011.10.19 20:00:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Image-Line [2011.10.26 18:36:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\iZotope [2011.06.02 13:02:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LolClient [2012.01.07 05:56:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MotioninJoy [2011.12.17 23:59:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mp3DirectCut [2012.05.01 00:54:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\QuickScan [2011.10.19 22:15:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SynthMaker [2011.07.11 19:21:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamViewer [2011.09.18 17:50:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\thriXXX [2011.07.06 12:14:22 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TS3Client [2011.09.07 01:28:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Unity [2011.11.03 05:35:29 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\uTorrent [2012.04.05 22:17:09 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.04.20 21:27:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\.minecraft [2011.06.23 12:40:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Adobe [2011.12.30 15:27:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Apple Computer [2011.06.01 19:57:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ATI [2011.09.11 18:42:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite [2011.07.22 22:51:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoft [2011.07.22 22:51:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers [2011.10.16 02:30:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\gtk-2.0 [2011.06.18 22:26:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Hi-Rez Studios [2011.06.01 19:13:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Identities [2011.10.19 20:00:20 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Image-Line [2011.09.18 22:59:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\InstallShield [2011.09.11 18:48:54 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\InstallShield Installation Information [2011.10.26 18:36:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\iZotope [2011.06.02 13:02:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LolClient [2011.06.01 21:05:18 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Macromedia [2011.09.09 04:22:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Malwarebytes [2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Media Center Programs [2011.09.18 23:00:45 | 000,000,000 | --SD | M] -- C:\Users\****\AppData\Roaming\Microsoft [2012.01.07 05:56:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MotioninJoy [2011.06.01 20:00:15 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla [2011.12.17 23:59:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mp3DirectCut [2012.05.01 00:54:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\QuickScan [2011.08.19 02:27:40 | 000,000,000 | RH-D | M] -- C:\Users\****\AppData\Roaming\SecuROM [2012.05.01 17:35:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Skype [2011.10.19 22:15:16 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SynthMaker [2011.07.11 19:21:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamViewer [2011.09.18 17:50:21 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\thriXXX [2011.07.06 12:14:22 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TS3Client [2011.09.07 01:28:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Unity [2011.11.03 05:35:29 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\uTorrent [2011.06.18 01:09:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\vlc [2011.06.02 15:00:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011.09.11 18:43:45 | 000,331,776 | ---- | M] (Rockstar Games ) -- C:\Users\****\AppData\Roaming\InstallShield Installation Information\{A724605D-B399-4304-B8C7-33B3EF7D4677}\setup.exe [2011.06.01 21:05:18 | 000,038,208 | ---- | M] () -- C:\Users\****\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2011.09.18 05:18:54 | 005,185,536 | R--- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\RapeLay.exe [2011.09.18 05:18:54 | 000,028,672 | R--- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\_EB52FE80E75B_486E_9850_195DAB8E8D59.exe [2011.06.20 18:37:08 | 001,004,928 | ---- | M] (EA Digital Illusions CE AB) -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\wxoysspe.default\extensions\battlefieldplay4free@ea.com\plugins\BP4FUpdater.exe < %SYSTEMDRIVE%\*.exe > [2009.07.14 03:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\cmd.exe [2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe [1 C:\*.tmp files -> C:\*.tmp -> ] < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows.old\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\System32\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows.old\Windows\System32\drivers\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\System32\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows.old\Windows\System32\user32.dll [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\System32\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows.old\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows.old\Windows\System32\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows.old\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2011.12.06 05:12:52 | 000,466,944 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll ========== Files - Unicode (All) ========== [2011.06.28 19:05:29 | 000,000,988 | ---- | M] ()(C:\Users\****\AppData\Local\PMB Filer?pa) -- C:\Users\****\AppData\Local\PMB Filer耯pa [2011.06.28 18:55:33 | 000,000,988 | ---- | C] ()(C:\Users\****\AppData\Local\PMB Filer?pa) -- C:\Users\****\AppData\Local\PMB Filer耯pa < End of report > |
|
02.05.2012, 18:46
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Starker Verdacht auf Virus/Trojaner Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C1 D7 05 63 4A 55 CC 01 [binary data]
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://start.facemoods.com/?a=ddrnw"
FF - prefs.js..network.proxy.http: "70.89.2.57"
FF - prefs.js..network.proxy.http_port: 8080
FF - user.js - File not found
[2011.08.12 21:31:24 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
O4 - HKLM..\Run: [VIAAUD] C:\Program Files\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
O4 - HKU\S-1-5-21-2709026904-2300073761-1837081891-1000..\Run: [PlayNC Launcher] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{46754f5b-9475-11e0-bc61-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{46754f5b-9475-11e0-bc61-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\{4c5fc037-999c-11e0-9aa6-0025229459ae}\Shell - "" = AutoRun
O33 - MountPoints2\{4c5fc037-999c-11e0-9aa6-0025229459ae}\Shell\AutoRun\command - "" = E:\StartSetup.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.05.2012, 22:00
| #13 |
| | Starker Verdacht auf Virus/TrojanerCode:
ATTFilter All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-2709026904-2300073761-1837081891-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-2709026904-2300073761-1837081891-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2709026904-2300073761-1837081891-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2709026904-2300073761-1837081891-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Prefs.js: "Facemoods Search" removed from browser.search.defaultenginename
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: "hxxp://start.facemoods.com/?a=ddrnw" removed from browser.startup.homepage
Prefs.js: "70.89.2.57" removed from network.proxy.http
Prefs.js: 8080 removed from network.proxy.http_port
C:\Programme\Mozilla Firefox\searchplugins\fcmdSrch.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VIAAUD deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2709026904-2300073761-1837081891-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46754f5b-9475-11e0-bc61-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46754f5b-9475-11e0-bc61-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46754f5b-9475-11e0-bc61-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46754f5b-9475-11e0-bc61-806e6f6e6963}\ not found.
File D:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c5fc037-999c-11e0-9aa6-0025229459ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c5fc037-999c-11e0-9aa6-0025229459ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c5fc037-999c-11e0-9aa6-0025229459ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c5fc037-999c-11e0-9aa6-0025229459ae}\ not found.
File E:\StartSetup.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: ****
->Temp folder emptied: 2946953418 bytes
->Temporary Internet Files folder emptied: 41529381 bytes
->Java cache emptied: 555384 bytes
->FireFox cache emptied: 677822679 bytes
->Flash cache emptied: 64782 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 132512897 bytes
RecycleBin emptied: 8874440 bytes
Total Files Cleaned = 3.632,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: ****
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.42.2 log created on 05022012_225552
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
|
03.05.2012, 14:10
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Starker Verdacht auf Virus/Trojaner Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.05.2012, 17:32
| #15 |
| | Starker Verdacht auf Virus/Trojaner Puh, endlich mal ein Scan der keine 2 Stunden braucht: Code:
ATTFilter 18:29:28.0202 2864 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
18:29:28.0300 2864 ============================================================
18:29:28.0300 2864 Current date / time: 2012/05/03 18:29:28.0300
18:29:28.0300 2864 SystemInfo:
18:29:28.0300 2864
18:29:28.0300 2864 OS Version: 6.1.7600 ServicePack: 0.0
18:29:28.0300 2864 Product type: Workstation
18:29:28.0300 2864 ComputerName: NICO-PC
18:29:28.0301 2864 UserName: Nico
18:29:28.0301 2864 Windows directory: C:\Windows
18:29:28.0301 2864 System windows directory: C:\Windows
18:29:28.0301 2864 Processor architecture: Intel x86
18:29:28.0301 2864 Number of processors: 6
18:29:28.0301 2864 Page size: 0x1000
18:29:28.0301 2864 Boot type: Normal boot
18:29:28.0301 2864 ============================================================
18:29:29.0412 2864 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x700FC, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
18:29:29.0414 2864 ============================================================
18:29:29.0414 2864 \Device\Harddisk0\DR0:
18:29:29.0414 2864 MBR partitions:
18:29:29.0414 2864 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:29:29.0414 2864 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
18:29:29.0414 2864 ============================================================
18:29:29.0421 2864 C: <-> \Device\Harddisk0\DR0\Partition1
18:29:29.0422 2864 ============================================================
18:29:29.0422 2864 Initialize success
18:29:29.0422 2864 ============================================================
18:29:40.0450 3360 ============================================================
18:29:40.0450 3360 Scan started
18:29:40.0450 3360 Mode: Manual; SigCheck; TDLFS;
18:29:40.0450 3360 ============================================================
18:29:41.0259 3360 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
18:29:41.0313 3360 1394ohci - ok
18:29:41.0338 3360 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
18:29:41.0351 3360 ACPI - ok
18:29:41.0406 3360 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
18:29:41.0428 3360 AcpiPmi - ok
18:29:41.0566 3360 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
18:29:41.0576 3360 AdobeARMservice - ok
18:29:41.0610 3360 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
18:29:41.0625 3360 adp94xx - ok
18:29:41.0669 3360 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
18:29:41.0683 3360 adpahci - ok
18:29:41.0693 3360 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
18:29:41.0705 3360 adpu320 - ok
18:29:41.0728 3360 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
18:29:41.0764 3360 AeLookupSvc - ok
18:29:41.0841 3360 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
18:29:41.0896 3360 AFD - ok
18:29:41.0930 3360 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
18:29:41.0958 3360 agp440 - ok
18:29:41.0990 3360 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
18:29:42.0000 3360 aic78xx - ok
18:29:42.0059 3360 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
18:29:42.0101 3360 ALG - ok
18:29:42.0126 3360 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
18:29:42.0136 3360 aliide - ok
18:29:42.0170 3360 AMD External Events Utility (ec98ca8298f67926fa50876348534b1d) C:\Windows\system32\atiesrxx.exe
18:29:42.0255 3360 AMD External Events Utility - ok
18:29:42.0311 3360 AMD FUEL Service - ok
18:29:42.0387 3360 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
18:29:42.0400 3360 amdagp - ok
18:29:42.0412 3360 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
18:29:42.0421 3360 amdide - ok
18:29:42.0434 3360 amdiox86 (ff258424f0b2ef25eb98f04ee386e6e3) C:\Windows\system32\DRIVERS\amdiox86.sys
18:29:42.0664 3360 amdiox86 - ok
18:29:42.0683 3360 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
18:29:42.0715 3360 AmdK8 - ok
18:29:42.0933 3360 amdkmdag (65b44179cf184b08e86097bffbf03f24) C:\Windows\system32\DRIVERS\atikmdag.sys
18:29:43.0076 3360 amdkmdag - ok
18:29:43.0155 3360 amdkmdap (5e1c65524ff1713711ce27879d813384) C:\Windows\system32\DRIVERS\atikmpag.sys
18:29:43.0186 3360 amdkmdap - ok
18:29:43.0224 3360 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
18:29:43.0252 3360 AmdPPM - ok
18:29:43.0288 3360 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
18:29:43.0316 3360 amdsata - ok
18:29:43.0333 3360 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
18:29:43.0347 3360 amdsbs - ok
18:29:43.0365 3360 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
18:29:43.0374 3360 amdxata - ok
18:29:43.0443 3360 AODDriver4.01 (62b03afe5cc83bacf064848daa295d9c) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys
18:29:43.0476 3360 AODDriver4.01 ( UnsignedFile.Multi.Generic ) - warning
18:29:43.0476 3360 AODDriver4.01 - detected UnsignedFile.Multi.Generic (1)
18:29:43.0493 3360 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
18:29:43.0508 3360 AppID - ok
18:29:43.0529 3360 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
18:29:43.0561 3360 AppIDSvc - ok
18:29:43.0579 3360 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
18:29:43.0605 3360 Appinfo - ok
18:29:43.0626 3360 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
18:29:43.0637 3360 arc - ok
18:29:43.0663 3360 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
18:29:43.0673 3360 arcsas - ok
18:29:43.0757 3360 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:29:43.0766 3360 aspnet_state - ok
18:29:43.0815 3360 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\Windows\system32\drivers\aswFsBlk.sys
18:29:43.0826 3360 aswFsBlk - ok
18:29:43.0861 3360 aswMonFlt (6693141560b1615d8dccf0d8eb00087e) C:\Windows\system32\drivers\aswMonFlt.sys
18:29:43.0870 3360 aswMonFlt - ok
18:29:43.0930 3360 aswRdr (225013c16fe096714d71649ad7a20e8b) C:\Windows\System32\Drivers\aswrdr2.sys
18:29:43.0938 3360 aswRdr - ok
18:29:43.0957 3360 aswSnx (dcb199b967375753b5019ec15f008f53) C:\Windows\system32\drivers\aswSnx.sys
18:29:43.0973 3360 aswSnx - ok
18:29:43.0999 3360 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\Windows\system32\drivers\aswSP.sys
18:29:44.0011 3360 aswSP - ok
18:29:44.0023 3360 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\Windows\system32\drivers\aswTdi.sys
18:29:44.0033 3360 aswTdi - ok
18:29:44.0048 3360 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:29:44.0087 3360 AsyncMac - ok
18:29:44.0106 3360 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
18:29:44.0117 3360 atapi - ok
18:29:44.0187 3360 athur (257c58cddbcb02fd38675ed6df76037d) C:\Windows\system32\DRIVERS\athur.sys
18:29:44.0229 3360 athur - ok
18:29:44.0357 3360 AtiHDAudioService (7725aecceddf81bd8374c77157e450ea) C:\Windows\system32\drivers\AtihdW73.sys
18:29:44.0367 3360 AtiHDAudioService - ok
18:29:44.0418 3360 atksgt (f9c24d25d9ff29f894995a64812b4d85) C:\Windows\system32\DRIVERS\atksgt.sys
18:29:44.0443 3360 atksgt - ok
18:29:44.0480 3360 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
18:29:44.0521 3360 AudioEndpointBuilder - ok
18:29:44.0526 3360 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
18:29:44.0549 3360 Audiosrv - ok
18:29:44.0631 3360 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
18:29:44.0649 3360 avast! Antivirus - ok
18:29:44.0674 3360 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
18:29:44.0701 3360 AxInstSV - ok
18:29:44.0744 3360 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
18:29:44.0770 3360 b06bdrv - ok
18:29:44.0794 3360 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:29:44.0821 3360 b57nd60x - ok
18:29:44.0837 3360 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
18:29:44.0849 3360 BDESVC - ok
18:29:44.0857 3360 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:29:44.0898 3360 Beep - ok
18:29:44.0923 3360 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
18:29:44.0961 3360 BFE - ok
18:29:44.0997 3360 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\System32\qmgr.dll
18:29:45.0044 3360 BITS - ok
18:29:45.0059 3360 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
18:29:45.0070 3360 blbdrive - ok
18:29:45.0083 3360 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
18:29:45.0095 3360 bowser - ok
18:29:45.0103 3360 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:29:45.0125 3360 BrFiltLo - ok
18:29:45.0141 3360 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:29:45.0166 3360 BrFiltUp - ok
18:29:45.0187 3360 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
18:29:45.0247 3360 Browser - ok
18:29:45.0272 3360 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:29:45.0288 3360 Brserid - ok
18:29:45.0299 3360 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:29:45.0331 3360 BrSerWdm - ok
18:29:45.0354 3360 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:29:45.0383 3360 BrUsbMdm - ok
18:29:45.0397 3360 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:29:45.0441 3360 BrUsbSer - ok
18:29:45.0458 3360 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
18:29:45.0488 3360 BTHMODEM - ok
18:29:45.0511 3360 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
18:29:45.0533 3360 bthserv - ok
18:29:45.0556 3360 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:29:45.0596 3360 cdfs - ok
18:29:45.0630 3360 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
18:29:45.0657 3360 cdrom - ok
18:29:45.0690 3360 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
18:29:45.0726 3360 CertPropSvc - ok
18:29:45.0741 3360 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
18:29:45.0752 3360 circlass - ok
18:29:45.0773 3360 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:29:45.0787 3360 CLFS - ok
18:29:45.0839 3360 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:29:45.0848 3360 clr_optimization_v2.0.50727_32 - ok
18:29:45.0897 3360 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:29:45.0907 3360 clr_optimization_v4.0.30319_32 - ok
18:29:45.0917 3360 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
18:29:45.0929 3360 CmBatt - ok
18:29:45.0934 3360 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
18:29:45.0945 3360 cmdide - ok
18:29:45.0983 3360 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
18:29:46.0001 3360 CNG - ok
18:29:46.0012 3360 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
18:29:46.0023 3360 Compbatt - ok
18:29:46.0034 3360 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
18:29:46.0055 3360 CompositeBus - ok
18:29:46.0073 3360 COMSysApp - ok
18:29:46.0104 3360 CPUCooLServer - ok
18:29:46.0118 3360 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
18:29:46.0126 3360 crcdisk - ok
18:29:46.0189 3360 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
18:29:46.0224 3360 CryptSvc - ok
18:29:46.0388 3360 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
18:29:46.0420 3360 DcomLaunch - ok
18:29:46.0444 3360 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
18:29:46.0469 3360 defragsvc - ok
18:29:46.0513 3360 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
18:29:46.0537 3360 DfsC - ok
18:29:46.0567 3360 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
18:29:46.0594 3360 Dhcp - ok
18:29:46.0615 3360 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:29:46.0635 3360 discache - ok
18:29:46.0665 3360 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
18:29:46.0675 3360 Disk - ok
18:29:46.0696 3360 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
18:29:46.0721 3360 Dnscache - ok
18:29:46.0739 3360 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
18:29:46.0777 3360 dot3svc - ok
18:29:46.0795 3360 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
18:29:46.0821 3360 DPS - ok
18:29:46.0843 3360 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:29:46.0885 3360 drmkaud - ok
18:29:46.0939 3360 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
18:29:46.0950 3360 dtsoftbus01 - ok
18:29:46.0989 3360 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
18:29:47.0005 3360 DXGKrnl - ok
18:29:47.0015 3360 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
18:29:47.0041 3360 EapHost - ok
18:29:47.0124 3360 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
18:29:47.0187 3360 ebdrv - ok
18:29:47.0275 3360 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
18:29:47.0335 3360 EFS - ok
18:29:47.0398 3360 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
18:29:47.0426 3360 ehRecvr - ok
18:29:47.0452 3360 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
18:29:47.0477 3360 ehSched - ok
18:29:47.0515 3360 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
18:29:47.0531 3360 elxstor - ok
18:29:47.0540 3360 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
18:29:47.0568 3360 ErrDev - ok
18:29:47.0598 3360 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
18:29:47.0635 3360 EventSystem - ok
18:29:47.0655 3360 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:29:47.0677 3360 exfat - ok
18:29:47.0690 3360 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:29:47.0723 3360 fastfat - ok
18:29:47.0758 3360 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
18:29:47.0788 3360 Fax - ok
18:29:47.0810 3360 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
18:29:47.0831 3360 fdc - ok
18:29:47.0848 3360 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
18:29:47.0879 3360 fdPHost - ok
18:29:47.0892 3360 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
18:29:47.0934 3360 FDResPub - ok
18:29:47.0954 3360 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:29:47.0963 3360 FileInfo - ok
18:29:47.0975 3360 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:29:48.0006 3360 Filetrace - ok
18:29:48.0032 3360 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
18:29:48.0055 3360 flpydisk - ok
18:29:48.0076 3360 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:29:48.0086 3360 FltMgr - ok
18:29:48.0130 3360 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll
18:29:48.0166 3360 FontCache - ok
18:29:48.0243 3360 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:29:48.0250 3360 FontCache3.0.0.0 - ok
18:29:48.0258 3360 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:29:48.0269 3360 FsDepends - ok
18:29:48.0301 3360 Fs_Rec (500a9814fd9446a8126858a5a7f7d273) C:\Windows\system32\drivers\Fs_Rec.sys
18:29:48.0311 3360 Fs_Rec - ok
18:29:48.0336 3360 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
18:29:48.0353 3360 fvevol - ok
18:29:48.0377 3360 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:29:48.0389 3360 gagp30kx - ok
18:29:48.0459 3360 GGSAFERDriver - ok
18:29:48.0502 3360 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
18:29:48.0541 3360 gpsvc - ok
18:29:48.0587 3360 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
18:29:48.0596 3360 hamachi - ok
18:29:48.0723 3360 Hamachi2Svc (fa89c0429821c7c429eec7a0ce1c02d3) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
18:29:48.0755 3360 Hamachi2Svc - ok
18:29:48.0831 3360 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:29:48.0862 3360 hcw85cir - ok
18:29:48.0902 3360 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
18:29:48.0932 3360 HdAudAddService - ok
18:29:48.0950 3360 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:29:48.0971 3360 HDAudBus - ok
18:29:48.0991 3360 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
18:29:49.0018 3360 HidBatt - ok
18:29:49.0034 3360 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
18:29:49.0056 3360 HidBth - ok
18:29:49.0088 3360 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
18:29:49.0100 3360 HidIr - ok
18:29:49.0111 3360 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
18:29:49.0134 3360 hidserv - ok
18:29:49.0152 3360 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
18:29:49.0162 3360 HidUsb - ok
18:29:49.0176 3360 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
18:29:49.0217 3360 hkmsvc - ok
18:29:49.0236 3360 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
18:29:49.0270 3360 HomeGroupListener - ok
18:29:49.0295 3360 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
18:29:49.0323 3360 HomeGroupProvider - ok
18:29:49.0340 3360 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
18:29:49.0352 3360 HpSAMD - ok
18:29:49.0382 3360 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
18:29:49.0429 3360 HTTP - ok
18:29:49.0442 3360 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
18:29:49.0451 3360 hwpolicy - ok
18:29:49.0461 3360 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
18:29:49.0490 3360 i8042prt - ok
18:29:49.0528 3360 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
18:29:49.0542 3360 iaStorV - ok
18:29:49.0626 3360 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:29:49.0651 3360 idsvc - ok
18:29:49.0669 3360 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
18:29:49.0680 3360 iirsp - ok
18:29:49.0712 3360 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
18:29:49.0760 3360 IKEEXT - ok
18:29:49.0781 3360 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
18:29:49.0790 3360 intelide - ok
18:29:49.0811 3360 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
18:29:49.0835 3360 intelppm - ok
18:29:49.0850 3360 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
18:29:49.0889 3360 IPBusEnum - ok
18:29:49.0908 3360 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:29:49.0946 3360 IpFilterDriver - ok
18:29:49.0979 3360 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
18:29:50.0033 3360 iphlpsvc - ok
18:29:50.0042 3360 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
18:29:50.0066 3360 IPMIDRV - ok
18:29:50.0198 3360 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
18:29:50.0219 3360 IPNAT - ok
18:29:50.0362 3360 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
18:29:50.0397 3360 IRENUM - ok
18:29:50.0511 3360 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
18:29:50.0523 3360 isapnp - ok
18:29:50.0531 3360 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
18:29:50.0543 3360 iScsiPrt - ok
18:29:50.0570 3360 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:29:50.0580 3360 kbdclass - ok
18:29:50.0601 3360 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
18:29:50.0614 3360 kbdhid - ok
18:29:50.0653 3360 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
18:29:50.0665 3360 KeyIso - ok
18:29:50.0678 3360 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
18:29:50.0688 3360 KSecDD - ok
18:29:50.0699 3360 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
18:29:50.0710 3360 KSecPkg - ok
18:29:50.0737 3360 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
18:29:50.0775 3360 KtmRm - ok
18:29:50.0804 3360 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\system32\srvsvc.dll
18:29:50.0824 3360 LanmanServer - ok
18:29:50.0845 3360 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
18:29:50.0875 3360 LanmanWorkstation - ok
18:29:50.0997 3360 lirsgt (8ccf9ed46d52af1375875f74a91ffacf) C:\Windows\system32\DRIVERS\lirsgt.sys
18:29:51.0005 3360 lirsgt - ok
18:29:51.0033 3360 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
18:29:51.0072 3360 lltdio - ok
18:29:51.0242 3360 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
18:29:51.0288 3360 lltdsvc - ok
18:29:51.0416 3360 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
18:29:51.0466 3360 lmhosts - ok
18:29:51.0494 3360 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:29:51.0504 3360 LSI_FC - ok
18:29:51.0519 3360 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:29:51.0532 3360 LSI_SAS - ok
18:29:51.0540 3360 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:29:51.0550 3360 LSI_SAS2 - ok
18:29:51.0563 3360 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:29:51.0573 3360 LSI_SCSI - ok
18:29:51.0587 3360 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
18:29:51.0623 3360 luafv - ok
18:29:51.0759 3360 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
18:29:51.0774 3360 Mcx2Svc - ok
18:29:51.0796 3360 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
18:29:51.0806 3360 megasas - ok
18:29:51.0824 3360 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
18:29:51.0835 3360 MegaSR - ok
18:29:51.0983 3360 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:29:52.0006 3360 MMCSS - ok
18:29:52.0143 3360 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
18:29:52.0177 3360 Modem - ok
18:29:52.0196 3360 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
18:29:52.0223 3360 monitor - ok
18:29:52.0286 3360 MotioninJoyXFilter (9960b18d55e7bd0f265c3c1953d19592) C:\Windows\system32\DRIVERS\MijXfilt.sys
18:29:52.0298 3360 MotioninJoyXFilter - ok
18:29:52.0438 3360 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
18:29:52.0448 3360 mouclass - ok
18:29:52.0577 3360 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
18:29:52.0603 3360 mouhid - ok
18:29:52.0623 3360 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
18:29:52.0632 3360 mountmgr - ok
18:29:52.0645 3360 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
18:29:52.0657 3360 mpio - ok
18:29:52.0800 3360 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
18:29:52.0957 3360 mpsdrv - ok
18:29:52.0983 3360 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll
18:29:53.0025 3360 MpsSvc - ok
18:29:53.0043 3360 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
18:29:53.0073 3360 MRxDAV - ok
18:29:53.0114 3360 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:29:53.0138 3360 mrxsmb - ok
18:29:53.0169 3360 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:29:53.0184 3360 mrxsmb10 - ok
18:29:53.0195 3360 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:29:53.0206 3360 mrxsmb20 - ok
18:29:53.0212 3360 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
18:29:53.0223 3360 msahci - ok
18:29:53.0240 3360 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
18:29:53.0250 3360 msdsm - ok
18:29:53.0272 3360 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
18:29:53.0298 3360 MSDTC - ok
18:29:53.0315 3360 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
18:29:53.0336 3360 Msfs - ok
18:29:53.0349 3360 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
18:29:53.0379 3360 mshidkmdf - ok
18:29:53.0393 3360 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
18:29:53.0404 3360 msisadrv - ok
18:29:53.0425 3360 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
18:29:53.0470 3360 MSiSCSI - ok
18:29:53.0472 3360 msiserver - ok
18:29:53.0500 3360 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
18:29:53.0538 3360 MSKSSRV - ok
18:29:53.0551 3360 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
18:29:53.0583 3360 MSPCLOCK - ok
18:29:53.0597 3360 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
18:29:53.0617 3360 MSPQM - ok
18:29:53.0630 3360 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
18:29:53.0644 3360 MsRPC - ok
18:29:53.0660 3360 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
18:29:53.0668 3360 mssmbios - ok
18:29:53.0676 3360 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:29:53.0697 3360 MSTEE - ok
18:29:53.0705 3360 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
18:29:53.0715 3360 MTConfig - ok
18:29:53.0729 3360 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:29:53.0740 3360 Mup - ok
18:29:53.0774 3360 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
18:29:53.0801 3360 napagent - ok
18:29:53.0833 3360 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:29:53.0863 3360 NativeWifiP - ok
18:29:53.0892 3360 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
18:29:53.0911 3360 NDIS - ok
18:29:53.0924 3360 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
18:29:53.0958 3360 NdisCap - ok
18:29:53.0980 3360 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
18:29:54.0013 3360 NdisTapi - ok
18:29:54.0038 3360 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
18:29:54.0062 3360 Ndisuio - ok
18:29:54.0071 3360 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
18:29:54.0107 3360 NdisWan - ok
18:29:54.0123 3360 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
18:29:54.0154 3360 NDProxy - ok
18:29:54.0170 3360 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
18:29:54.0206 3360 NetBIOS - ok
18:29:54.0227 3360 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
18:29:54.0267 3360 NetBT - ok
18:29:54.0295 3360 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
18:29:54.0308 3360 Netlogon - ok
18:29:54.0344 3360 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
18:29:54.0389 3360 Netman - ok
18:29:54.0460 3360 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:29:54.0473 3360 NetMsmqActivator - ok
18:29:54.0476 3360 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:29:54.0485 3360 NetPipeActivator - ok
18:29:54.0510 3360 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
18:29:54.0541 3360 netprofm - ok
18:29:54.0582 3360 netr73 (76b1157ef850830c5ece61d3e591ca8b) C:\Windows\system32\DRIVERS\netr73.sys
18:29:54.0610 3360 netr73 - ok
18:29:54.0613 3360 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:29:54.0622 3360 NetTcpActivator - ok
18:29:54.0624 3360 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:29:54.0632 3360 NetTcpPortSharing - ok
18:29:54.0653 3360 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
18:29:54.0663 3360 nfrd960 - ok
18:29:54.0680 3360 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
18:29:54.0725 3360 NlaSvc - ok
18:29:54.0738 3360 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:29:54.0758 3360 Npfs - ok
18:29:54.0769 3360 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
18:29:54.0792 3360 nsi - ok
18:29:54.0804 3360 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:29:54.0836 3360 nsiproxy - ok
18:29:54.0895 3360 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
18:29:54.0923 3360 Ntfs - ok
18:29:54.0954 3360 ntiomin (8a2788ff5aa0fe75d7231417200406ff) C:\Windows\system32\drivers\ntiomin.sys
18:29:54.0974 3360 ntiomin ( UnsignedFile.Multi.Generic ) - warning
18:29:54.0974 3360 ntiomin - detected UnsignedFile.Multi.Generic (1)
18:29:54.0989 3360 ntiopnp (5850c28057ddea04390b88f8cc482504) C:\Windows\system32\drivers\ntiopnp.sys
18:29:54.0998 3360 ntiopnp - ok
18:29:55.0009 3360 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:29:55.0043 3360 Null - ok
18:29:55.0077 3360 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
18:29:55.0091 3360 NVENETFD - ok
18:29:55.0123 3360 NVNET (d22e432e402499ac264a113d7168b91f) C:\Windows\system32\DRIVERS\nvmf6232.sys
18:29:55.0133 3360 NVNET - ok
18:29:55.0159 3360 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
18:29:55.0169 3360 nvraid - ok
18:29:55.0180 3360 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
18:29:55.0192 3360 nvstor - ok
18:29:55.0217 3360 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
18:29:55.0229 3360 nv_agp - ok
18:29:55.0237 3360 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
18:29:55.0248 3360 ohci1394 - ok
18:29:55.0262 3360 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:29:55.0291 3360 p2pimsvc - ok
18:29:55.0321 3360 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
18:29:55.0336 3360 p2psvc - ok
18:29:55.0360 3360 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
18:29:55.0373 3360 Parport - ok
18:29:55.0377 3360 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
18:29:55.0387 3360 partmgr - ok
18:29:55.0389 3360 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
18:29:55.0415 3360 Parvdm - ok
18:29:55.0430 3360 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
18:29:55.0448 3360 PcaSvc - ok
18:29:55.0466 3360 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
18:29:55.0477 3360 pci - ok
18:29:55.0488 3360 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
18:29:55.0497 3360 pciide - ok
18:29:55.0514 3360 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
18:29:55.0528 3360 pcmcia - ok
18:29:55.0541 3360 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:29:55.0550 3360 pcw - ok
18:29:55.0582 3360 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:29:55.0621 3360 PEAUTH - ok
18:29:55.0676 3360 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
18:29:55.0731 3360 pla - ok
18:29:55.0825 3360 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll
18:29:55.0842 3360 PlugPlay - ok
18:29:55.0890 3360 PnkBstrA (1713d9de407313138118d501b0e3c05b) C:\Windows\system32\PnkBstrA.exe
18:29:55.0903 3360 PnkBstrA - ok
18:29:55.0922 3360 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
18:29:55.0959 3360 PNRPAutoReg - ok
18:29:55.0984 3360 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:29:56.0000 3360 PNRPsvc - ok
18:29:56.0043 3360 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
18:29:56.0080 3360 PolicyAgent - ok
18:29:56.0110 3360 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
18:29:56.0134 3360 Power - ok
18:29:56.0180 3360 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:29:56.0212 3360 PptpMiniport - ok
18:29:56.0230 3360 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
18:29:56.0253 3360 Processor - ok
18:29:56.0273 3360 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll
18:29:56.0316 3360 ProfSvc - ok
18:29:56.0349 3360 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
18:29:56.0362 3360 ProtectedStorage - ok
18:29:56.0383 3360 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:29:56.0404 3360 Psched - ok
18:29:56.0445 3360 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
18:29:56.0478 3360 ql2300 - ok
18:29:56.0532 3360 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
18:29:56.0542 3360 ql40xx - ok
18:29:56.0569 3360 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
18:29:56.0602 3360 QWAVE - ok
18:29:56.0620 3360 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:29:56.0632 3360 QWAVEdrv - ok
18:29:56.0638 3360 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:29:56.0663 3360 RasAcd - ok
18:29:56.0684 3360 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:29:56.0708 3360 RasAgileVpn - ok
18:29:56.0714 3360 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
18:29:56.0737 3360 RasAuto - ok
18:29:56.0754 3360 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:29:56.0795 3360 Rasl2tp - ok
18:29:56.0831 3360 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
18:29:56.0872 3360 RasMan - ok
18:29:56.0890 3360 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:29:56.0930 3360 RasPppoe - ok
18:29:56.0952 3360 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:29:56.0973 3360 RasSstp - ok
18:29:56.0992 3360 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
18:29:57.0016 3360 rdbss - ok
18:29:57.0028 3360 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
18:29:57.0040 3360 rdpbus - ok
18:29:57.0046 3360 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:29:57.0082 3360 RDPCDD - ok
18:29:57.0104 3360 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:29:57.0140 3360 RDPENCDD - ok
18:29:57.0155 3360 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:29:57.0186 3360 RDPREFMP - ok
18:29:57.0217 3360 RDPWD (0399c725a9c95a6f1862b93f008ddf4a) C:\Windows\system32\drivers\RDPWD.sys
18:29:57.0234 3360 RDPWD - ok
18:29:57.0256 3360 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
18:29:57.0269 3360 rdyboost - ok
18:29:57.0293 3360 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
18:29:57.0342 3360 RemoteAccess - ok
18:29:57.0371 3360 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
18:29:57.0396 3360 RemoteRegistry - ok
18:29:57.0412 3360 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
18:29:57.0454 3360 RpcEptMapper - ok
18:29:57.0472 3360 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
18:29:57.0502 3360 RpcLocator - ok
18:29:57.0525 3360 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
18:29:57.0551 3360 RpcSs - ok
18:29:57.0562 3360 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:29:57.0584 3360 rspndr - ok
18:29:57.0616 3360 RTL8187B (b6b3c4259d514f10b458ca6c2e50bc2e) C:\Windows\system32\DRIVERS\wg111v3.sys
18:29:57.0639 3360 RTL8187B - ok
18:29:57.0676 3360 RTL8192su (83e64d86a4d888d973de824780567518) C:\Windows\system32\DRIVERS\RTL8192su.sys
18:29:57.0710 3360 RTL8192su - ok
18:29:57.0756 3360 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
18:29:57.0785 3360 SamSs - ok
18:29:57.0880 3360 SbieDrv (3ab6cad1ddfa84cd7bc3d1a759b1e81e) C:\Program Files\Sandboxie\SbieDrv.sys
18:29:57.0891 3360 SbieDrv - ok
18:29:57.0919 3360 SbieSvc (833539963e31edd4dc0063fe9cf95701) C:\Program Files\Sandboxie\SbieSvc.exe
18:29:57.0930 3360 SbieSvc - ok
18:29:57.0953 3360 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
18:29:57.0964 3360 sbp2port - ok
18:29:57.0979 3360 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
18:29:58.0019 3360 SCardSvr - ok
18:29:58.0036 3360 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
18:29:58.0073 3360 scfilter - ok
18:29:58.0108 3360 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
18:29:58.0147 3360 Schedule - ok
18:29:58.0167 3360 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
18:29:58.0188 3360 SCPolicySvc - ok
18:29:58.0208 3360 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
18:29:58.0238 3360 SDRSVC - ok
18:29:58.0261 3360 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:29:58.0296 3360 secdrv - ok
18:29:58.0313 3360 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
18:29:58.0347 3360 seclogon - ok
18:29:58.0371 3360 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
18:29:58.0409 3360 SENS - ok
18:29:58.0431 3360 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
18:29:58.0458 3360 SensrSvc - ok
18:29:58.0470 3360 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
18:29:58.0483 3360 Serenum - ok
18:29:58.0493 3360 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
18:29:58.0513 3360 Serial - ok
18:29:58.0524 3360 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
18:29:58.0542 3360 sermouse - ok
18:29:58.0569 3360 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
18:29:58.0608 3360 SessionEnv - ok
18:29:58.0621 3360 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
18:29:58.0646 3360 sffdisk - ok
18:29:58.0658 3360 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
18:29:58.0688 3360 sffp_mmc - ok
18:29:58.0708 3360 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
18:29:58.0732 3360 sffp_sd - ok
18:29:58.0749 3360 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
18:29:58.0759 3360 sfloppy - ok
18:29:58.0784 3360 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
18:29:58.0811 3360 SharedAccess - ok
18:29:58.0832 3360 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
18:29:58.0850 3360 ShellHWDetection - ok
18:29:58.0878 3360 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
18:29:58.0890 3360 sisagp - ok
18:29:58.0908 3360 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:29:58.0917 3360 SiSRaid2 - ok
18:29:58.0928 3360 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
18:29:58.0940 3360 SiSRaid4 - ok
18:29:58.0961 3360 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
18:29:58.0998 3360 Smb - ok
18:29:59.0037 3360 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
18:29:59.0049 3360 SNMPTRAP - ok
18:29:59.0061 3360 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
18:29:59.0071 3360 spldr - ok
18:29:59.0094 3360 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
18:29:59.0110 3360 Spooler - ok
18:29:59.0181 3360 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
18:29:59.0250 3360 sppsvc - ok
18:29:59.0316 3360 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
18:29:59.0339 3360 sppuinotify - ok
18:29:59.0389 3360 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
18:29:59.0421 3360 srv - ok
18:29:59.0449 3360 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
18:29:59.0473 3360 srv2 - ok
18:29:59.0496 3360 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
18:29:59.0521 3360 srvnet - ok
18:29:59.0539 3360 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
18:29:59.0583 3360 SSDPSRV - ok
18:29:59.0604 3360 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
18:29:59.0640 3360 SstpSvc - ok
18:29:59.0695 3360 Steam Client Service - ok
18:29:59.0712 3360 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
18:29:59.0723 3360 stexstor - ok
18:29:59.0760 3360 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
18:29:59.0794 3360 StiSvc - ok
18:29:59.0810 3360 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
18:29:59.0821 3360 swenum - ok
18:29:59.0853 3360 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
18:29:59.0882 3360 swprv - ok
18:29:59.0918 3360 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
18:29:59.0967 3360 SysMain - ok
18:29:59.0982 3360 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
18:30:00.0011 3360 TabletInputService - ok
18:30:00.0032 3360 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
18:30:00.0060 3360 TapiSrv - ok
18:30:00.0075 3360 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
18:30:00.0109 3360 TBS - ok
18:30:00.0192 3360 Tcpip (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\drivers\tcpip.sys
18:30:00.0221 3360 Tcpip - ok
18:30:00.0234 3360 TCPIP6 (56c198ac82efa622dd93e9e43575f79c) C:\Windows\system32\DRIVERS\tcpip.sys
18:30:00.0257 3360 TCPIP6 - ok
18:30:00.0269 3360 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
18:30:00.0292 3360 tcpipreg - ok
18:30:00.0310 3360 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
18:30:00.0331 3360 TDPIPE - ok
18:30:00.0364 3360 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys
18:30:00.0391 3360 TDTCP - ok
18:30:00.0416 3360 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
18:30:00.0448 3360 tdx - ok
18:30:00.0590 3360 TeamViewer6 (1c46c27e9f1938b9589859c70450d275) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
18:30:00.0629 3360 TeamViewer6 - ok
18:30:00.0693 3360 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
18:30:00.0703 3360 TermDD - ok
18:30:00.0726 3360 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
18:30:00.0757 3360 TermService - ok
18:30:00.0769 3360 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
18:30:00.0795 3360 Themes - ok
18:30:00.0818 3360 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:30:00.0839 3360 THREADORDER - ok
18:30:00.0862 3360 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
18:30:00.0902 3360 TrkWks - ok
18:30:00.0942 3360 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
18:30:00.0967 3360 TrustedInstaller - ok
18:30:00.0986 3360 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:30:01.0024 3360 tssecsrv - ok
18:30:01.0052 3360 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
18:30:01.0078 3360 tunnel - ok
18:30:01.0082 3360 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
18:30:01.0091 3360 uagp35 - ok
18:30:01.0109 3360 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
18:30:01.0149 3360 udfs - ok
18:30:01.0172 3360 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
18:30:01.0204 3360 UI0Detect - ok
18:30:01.0227 3360 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
18:30:01.0237 3360 uliagpkx - ok
18:30:01.0261 3360 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
18:30:01.0285 3360 umbus - ok
18:30:01.0304 3360 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
18:30:01.0314 3360 UmPass - ok
18:30:01.0335 3360 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
18:30:01.0377 3360 upnphost - ok
18:30:01.0412 3360 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
18:30:01.0424 3360 usbaudio - ok
18:30:01.0451 3360 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
18:30:01.0467 3360 usbccgp - ok
18:30:01.0479 3360 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
18:30:01.0508 3360 usbcir - ok
18:30:01.0533 3360 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
18:30:01.0553 3360 usbehci - ok
18:30:01.0586 3360 usbhub (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
18:30:01.0625 3360 usbhub - ok
18:30:01.0647 3360 usbohci (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\DRIVERS\usbohci.sys
18:30:01.0672 3360 usbohci - ok
18:30:01.0713 3360 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
18:30:01.0745 3360 usbprint - ok
18:30:01.0782 3360 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
18:30:01.0801 3360 usbscan - ok
18:30:01.0826 3360 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:30:01.0836 3360 USBSTOR - ok
18:30:01.0848 3360 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
18:30:01.0879 3360 usbuhci - ok
18:30:01.0908 3360 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
18:30:01.0942 3360 UxSms - ok
18:30:01.0979 3360 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
18:30:01.0991 3360 VaultSvc - ok
18:30:02.0012 3360 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
18:30:02.0022 3360 vdrvroot - ok
18:30:02.0046 3360 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
18:30:02.0084 3360 vds - ok
18:30:02.0103 3360 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:30:02.0116 3360 vga - ok
18:30:02.0128 3360 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:30:02.0152 3360 VgaSave - ok
18:30:02.0167 3360 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
18:30:02.0185 3360 vhdmp - ok
18:30:02.0205 3360 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
18:30:02.0218 3360 viaagp - ok
18:30:02.0221 3360 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
18:30:02.0244 3360 ViaC7 - ok
18:30:02.0303 3360 VIAHdAudAddService (4b1c025d194bbb41b1d7e86b54d88dc1) C:\Windows\system32\drivers\viahduaa.sys
18:30:02.0329 3360 VIAHdAudAddService - ok
18:30:02.0337 3360 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
18:30:02.0346 3360 viaide - ok
18:30:02.0360 3360 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
18:30:02.0369 3360 volmgr - ok
18:30:02.0382 3360 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:30:02.0397 3360 volmgrx - ok
18:30:02.0416 3360 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
18:30:02.0431 3360 volsnap - ok
18:30:02.0454 3360 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
18:30:02.0469 3360 vsmraid - ok
18:30:02.0511 3360 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
18:30:02.0558 3360 VSS - ok
18:30:02.0586 3360 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
18:30:02.0613 3360 vwifibus - ok
18:30:02.0632 3360 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
18:30:02.0658 3360 vwififlt - ok
18:30:02.0685 3360 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
18:30:02.0725 3360 W32Time - ok
18:30:02.0735 3360 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
18:30:02.0746 3360 WacomPen - ok
18:30:02.0762 3360 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
18:30:02.0783 3360 WANARP - ok
18:30:02.0786 3360 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
18:30:02.0806 3360 Wanarpv6 - ok
18:30:02.0845 3360 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
18:30:02.0893 3360 wbengine - ok
18:30:02.0913 3360 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
18:30:02.0948 3360 WbioSrvc - ok
18:30:02.0975 3360 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
18:30:02.0997 3360 wcncsvc - ok
18:30:03.0008 3360 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
18:30:03.0038 3360 WcsPlugInService - ok
18:30:03.0072 3360 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
18:30:03.0082 3360 Wd - ok
18:30:03.0106 3360 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:30:03.0123 3360 Wdf01000 - ok
18:30:03.0133 3360 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
18:30:03.0168 3360 WdiServiceHost - ok
18:30:03.0172 3360 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
18:30:03.0193 3360 WdiSystemHost - ok
18:30:03.0222 3360 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
18:30:03.0238 3360 WebClient - ok
18:30:03.0257 3360 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
18:30:03.0288 3360 Wecsvc - ok
18:30:03.0302 3360 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
18:30:03.0340 3360 wercplsupport - ok
18:30:03.0366 3360 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
18:30:03.0391 3360 WerSvc - ok
18:30:03.0415 3360 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:30:03.0438 3360 WfpLwf - ok
18:30:03.0447 3360 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:30:03.0461 3360 WIMMount - ok
18:30:03.0516 3360 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
18:30:03.0538 3360 WinDefend - ok
18:30:03.0548 3360 WinHttpAutoProxySvc - ok
18:30:03.0591 3360 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
18:30:03.0632 3360 Winmgmt - ok
18:30:03.0685 3360 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
18:30:03.0735 3360 WinRM - ok
18:30:03.0793 3360 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
18:30:03.0805 3360 WinUsb - ok
18:30:03.0830 3360 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
18:30:03.0873 3360 Wlansvc - ok
18:30:03.0965 3360 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:30:04.0001 3360 wlidsvc - ok
18:30:04.0056 3360 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:30:04.0073 3360 WmiAcpi - ok
18:30:04.0092 3360 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
18:30:04.0119 3360 wmiApSrv - ok
18:30:04.0169 3360 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:30:04.0215 3360 WMPNetworkSvc - ok
18:30:04.0229 3360 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
18:30:04.0249 3360 WPCSvc - ok
18:30:04.0259 3360 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
18:30:04.0277 3360 WPDBusEnum - ok
18:30:04.0290 3360 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:30:04.0324 3360 ws2ifsl - ok
18:30:04.0348 3360 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\System32\wscsvc.dll
18:30:04.0375 3360 wscsvc - ok
18:30:04.0377 3360 WSearch - ok
18:30:04.0442 3360 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll
18:30:04.0504 3360 wuauserv - ok
18:30:04.0528 3360 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
18:30:04.0569 3360 WudfPf - ok
18:30:04.0609 3360 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:30:04.0641 3360 WUDFRd - ok
18:30:04.0657 3360 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll
18:30:04.0694 3360 wudfsvc - ok
18:30:04.0710 3360 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
18:30:04.0741 3360 WwanSvc - ok
18:30:04.0797 3360 xusb21 (ee9144207ee0211eb5656ba6808ac4a0) C:\Windows\system32\DRIVERS\xusb21.sys
18:30:04.0809 3360 xusb21 - ok
18:30:04.0873 3360 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:30:04.0962 3360 \Device\Harddisk0\DR0 - ok
18:30:04.0965 3360 Boot (0x1200) (c15ce70988754d4539222e3d2ce63cb6) \Device\Harddisk0\DR0\Partition0
18:30:04.0966 3360 \Device\Harddisk0\DR0\Partition0 - ok
18:30:04.0989 3360 Boot (0x1200) (d62d625a66a550f16095e325e6ac3c64) \Device\Harddisk0\DR0\Partition1
18:30:04.0990 3360 \Device\Harddisk0\DR0\Partition1 - ok
18:30:04.0991 3360 ============================================================
18:30:04.0991 3360 Scan finished
18:30:04.0991 3360 ============================================================
18:30:05.0002 3368 Detected object count: 2
18:30:05.0002 3368 Actual detected object count: 2
18:30:12.0954 3368 AODDriver4.01 ( UnsignedFile.Multi.Generic ) - skipped by user
18:30:12.0954 3368 AODDriver4.01 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:30:12.0955 3368 ntiomin ( UnsignedFile.Multi.Generic ) - skipped by user
18:30:12.0955 3368 ntiomin ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:30:24.0032 1380 Deinitialize success
|
|
| Themen zu Starker Verdacht auf Virus/Trojaner |
| anleitung, antivirus, avast, deutlich, ebenfalls, gefunde, gelöscht, hoffe, langsamer, laufe, laufen, leitung, logfiles, programme, rojaner gefunden, tagen, troja, trojaner, trojaner gefunden, verdacht, weiterhelfen, woche, wochen |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
